1. Field of the Invention
This invention relates to secure end to end communications systems. More particularly, the invention relates to a system and method of operation for conducting electronic commerce using remote vault agents directly interacting with a web based vault controller.
2. Background Discussion
Traditionally, organizations, such as retailers, banks, and insurance companies in conducting electronic commerce, register their customers or users and control their access to organization software applications with a user identification (user ID) and password. The user ID and password establish a user identity for accessing secure information. The password is the “virtual key” that authenticates a user. However, a password does not provide the necessary security needed for electronic commerce. Passwords have the following limitations:
(a) Can be compromised during log-on by on-lookers;
(b) Can be easily intercepted on the Internet if the transaction is not secured with a secure web protocol, such as a secure socket layer (SSL);
(c) Authenticate a user to a host but not a host to a user;
(d) Can be discovered using automatic “trial and error” techniques;
(e) Do not protect transmitted information; and
(f) Do not ensure the access is limited to authorized entities and applications.
A new approach to conducting electronic commerce on secure end to end communication systems is described in the cross-reference application. In this approach, digital keys have replaced user identification/password pairs. Public key cryptography uses mathematically related public/private key pairs. Only the private key can decrypt the information the public key has encrypted. Only the public key can verify a signature performed with a private key. The public key can be made available to anyone. The private key is kept secret by the holder.
Just as digital authentication is replacing user identification/password pairs in electronic commerce, digital signatures are replacing physical signatures. A digital signature is a coded message affixed to a document or data that helps guarantee the identity of the sender, thereby providing a greater level of security than physical signatures. A digital signature identifies the sender because only the sender's private key can create the signature. The key also helps ensure the content of the signed message cannot be altered without the recipient being able to discover that the message has been altered. Digital certificates are replacing their physical counterpart—hard copy credentials. Digital certificates issued by a certification authority vouch for (or certify) the key of an individual, software application, organization or business. The certificate performs a role similar to that of a driver's license or medical diploma—the certificate certifies that the bearer of the corresponding private key is authorized (by an organization) to conduct certain activities for that organization.
However, the life cycle of digital certificates is similar to that of physical certificates. Digital certificates are issued after authorization in which a user is given the right to use a digital certificate for a specific amount of time. The certificate may be temporarily suspended when a user reports a lost certificate and re-instated at a later time. The certificate may also be revoked by the organization. Finally, digital certificates expire and for secure end-to-end communications in electronic business, the certificate must be validated to determine whether the certificate has expired, been revoked, or suspended.
Digital certificates are issued through authorized registrars known as Registration Authorities (RAs). The RAs determine whether the applicant should be authorized to access secure applications or services and set in motion a process to issue a certificate. A Certification Authority (CA) issues the digital certificate after approval by the Registration Authority. The certificate is a binding between a public key and an identity, i.e., a person, organization, or computer device. The certificate includes a subject name; issuer name; public key; validity period; unique serial number; and CA digital signature. A CA guarantee's the authenticity of the certificate through its digital signature. The certificate may be revoked at any time. The serial numbers of the revoked certificates are added to a Certification Revoked List (CRL) published in an X.500 Directory based on a standard defined by the International Telecommunications Union (ITU).
A secure operating environment is required by RAs and end users in conducting the registration process for the issuance of digital certificates, which uniquely identify end users. A preferred secures operating environment employs “Vault Technology”, described in the above-mentioned cross-related application, Ser. No. 08/980,022 now U.S. Pat. No. 6,105,131, filed Jun. 13, 1997. Briefly stated, “Vault Technology” provides a secure environment in a web server using a vault controller, which provides security from other processes running on the same server. The vault controller provides secure areas as personal storage vaults to which only the owner has an access key. System operators, administrators and others cannot get to stored information or secure processes in such personal vaults. Combined with the well-known Secure Sockets Layer (SSL) protocol, the vault controller enables secure transactions that may require multiple sessions using personal vaults. The personal vault is linked to a particular UNIX account that is linked to a user with a specific vault access certificate. The content of the vault is always encrypted. The vault contains an encryption key pair and signing key pair, both of which are protected. Each vault has a unique distinguished name in an X.500 directory that provides storage for specific items essential to a Public Key Infrastructure (PKI).
To enhance and facilitate the conduct of electronic commerce for both end users and organizations providing vault-based custom applications, a need exists for a remote vault agent, preferably under the control of the business organization, to directly interact with a vault controller on a non-web basis and in a secure end to end manner.